From 9ae8c1869ae3f39c234790bf5f7c050d9a41ea77 Mon Sep 17 00:00:00 2001
From: Chad Fraleigh
Date: Tue, 4 Jul 2023 15:44:32 -0700
Subject: [PATCH 1/4] Added bounds checking to LeaseSet2.

---
 libi2pd/LeaseSet.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp
index 675f650392e..7138f4cc4a4 100644
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@@ -394,6 +394,10 @@ namespace data
 size_t LeaseSet2::ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len)
 {
 size_t offset = 0;
+
+ if(offset + 2 > len) // AKA (len < 2)
+ return 0;
+
 // properties
 uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 offset += propertiesLen; // skip for now. TODO: implement properties
@@ -448,6 +452,10 @@ namespace data
 size_t LeaseSet2::ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len)
 {
 size_t offset = 0;
+
+ if(offset + 2 > len) // AKA (len < 2)
+ return 0;
+
 // properties
 uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 offset += propertiesLen; // skip for now. TODO: implement properties

From cbec85a21bfe0201fcc7a149827cf4aacf7e7435 Mon Sep 17 00:00:00 2001
From: Chad Fraleigh
Date: Wed, 5 Jul 2023 15:30:02 -0700
Subject: [PATCH 2/4] Added IDENTITY_HASH_SIZE constant.

---
 libi2pd/Identity.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libi2pd/Identity.h b/libi2pd/Identity.h
index 97d596d8633..46f53ec2c43 100644
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@@ -22,7 +22,9 @@ namespace i2p
 {
 namespace data
 {
- typedef Tag<32> IdentHash;
+ const uint8_t IDENTITY_HASH_SIZE = 32;
+
+ typedef Tag IdentHash;
 inline std::string GetIdentHashAbbreviation (const IdentHash& ident)
 {
 return ident.ToBase64 ().substr (0, 4);

From c1ede68a337640fc9b7a6c620745fb05d33e0936 Mon Sep 17 00:00:00 2001
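Review bot: The new guard in ReadStandardLS2TypeSpecificPart only proves that the two-byte length prefix is readable; `propertiesLen` comes from the buffer and is added to `offset` with no comparison against `len` in the visible lines. If the code after the hunk does not already check this before its next read, add `if (offset > len) return 0;` directly after `offset += propertiesLen;`. The same applies to the identical hunk in ReadMetaLS2TypeSpecificPart. Because `offset` is still 0 at the guard, `if (len < 2) return 0;` says the same thing without needing the trailing comment. Both function bodies continue outside their hunks.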
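Review bot: `uint8_t` is a narrow type for a size constant that ends up in offset arithmetic: a later value above 255 would not fit, and expressions such as `num * IDENTITY_HASH_SIZE` in PATCH 4/4 only work through integer promotion. `constexpr size_t IDENTITY_HASH_SIZE = 32;` states the intent directly. A one-line comment such as `// length of an identity hash in bytes` above the constant would also help readers of the header.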
From: Chad Fraleigh
Date: Wed, 5 Jul 2023 15:49:10 -0700
Subject: [PATCH 3/4] Use IDENTITY_HASH_SIZE constant in NetDb::HandleDatabaseLookupMsg().

---
 libi2pd/NetDb.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libi2pd/NetDb.cpp b/libi2pd/NetDb.cpp
index baf96f74055..ca048becf7d 100644
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@@ -955,9 +955,9 @@ namespace data
 // try responses
 for (int i = 0; i < num; i++)
 {
- const uint8_t * router = buf + 33 + i*32;
+ const uint8_t * router = buf + 33 + i*IDENTITY_HASH_SIZE;
 char peerHash[48];
- int l1 = i2p::data::ByteStreamToBase64 (router, 32, peerHash, 48);
+ int l1 = i2p::data::ByteStreamToBase64 (router, IDENTITY_HASH_SIZE, peerHash, 48);
 peerHash[l1] = 0;
 LogPrint (eLogDebug, "NetDb: ", i, ": ", peerHash);
 

From e8b4e971f92425c6601883c0d6f21819e5f268d5 Mon Sep 17 00:00:00 2001
From: Chad Fraleigh
Date: Wed, 5 Jul 2023 15:51:47 -0700
Subject: [PATCH 4/4] Added bounds checking to NetDb::HandleDatabaseSearchReplyMsg().

---
 libi2pd/NetDb.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libi2pd/NetDb.cpp b/libi2pd/NetDb.cpp
index ca048becf7d..9fa3123d422 100644
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@@ -952,6 +952,10 @@ namespace data
 else if(!m_FloodfillBootstrap)
 LogPrint (eLogWarning, "NetDb: Requested destination for ", key, " not found");
 
+ // All peers hashs in buffer?
+ if(msg->GetPayloadLength() < (size_t) (33 + num * IDENTITY_HASH_SIZE))
+ return;
+
 // try responses
 for (int i = 0; i < num; i++)
 {
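Review bot: The early `return` on a short payload is silent, so a peer that sends a truncated DatabaseSearchReply leaves no trace; log it before returning, e.g. `LogPrint (eLogWarning, "NetDb: DatabaseSearchReply is too short for ", num, " peer hashes");`. The guard also runs only after `num` has been obtained above the hunk. If `num` is read from `buf[32]` there (the `buf + 33` offset in the loop suggests so), a payload shorter than 33 bytes is still read before this check, and a length test at the top of the function would close that gap. The comment would read better as `// Are all peer hashes inside the payload?`. The function body starts and ends outside the hunk.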